Computer upgrades are a source for many of
the questions and much discussion during the Random Access sessions
at our monthly general meetings. Over the years, Microsoft has gradually improved the upgrade
process making it relatively simple. If all you have on your
machine is Windows with no applications or data then the upgrade
process is a piece of cake! Of course that is not reality and
the whole point of upgrading a machine is to preserve the applications
and data, and the server at the DACS Resource Center (RC) was
no exception. So we set out to upgrade our server from Windows 2000 Server to Windows Server 2003 Enterprise Edition.
Here are the requirements we set
for our move:
- Originally the RC server had been
set up to boot multiple operating systems. We needed to eliminate
this and move the operating system to the primary partition.
- Our goal was to make the completed
server as secure as possible. These two requirements meant that
we had to do a clean install rather than an upgrade in place.
- The RC server runs a simple email
server for the dacs.org domain. We had to move this
application and not lose any configuration data. We also could
not be down for more than a day or we would start to lose email
messages.
- Several SIGs had small amounts
of data on the server and we did not want to lose any of that.
- The server provides DHCP (automatic
IP addresses) and DNS (domain name service) for the Resource
Center network. We had to move this functionality.
- Lastly, we did not want to lose
the user accounts, passwords and related security information
that was contained in Active Directory on the existing server.
Our primary requirement was to learn
the upgrade process. DACS is an educational organization
and this was an opportunity to learn about the new Microsoft
server operating system. And
besides, I didn't want to do it alone!
The group that did the upgrade became
known as the Server 2003 SIG. In reality it was a spin-off
from the Server and Networking SIG. Six meetings were scheduled
during October. At our first
meeting, we inventoried the server for applications and services
to move. Next we determined
what we needed to install on the "new" server and how
we would accomplish that. We wrestled
with how to preserve the existing data during the move.
While we "practiced" the
Server 2003 installation process on my laptop, we realized that
the
whole process could be vastly simplified by temporarily moving
everything to another machine
(like my laptop) and then moving it back. This seemingly obvious
solution is not as simple as it
first appears. Here are the major steps we determined we needed
to do the job:
- Install Server 2003 on my laptop
and make it a "member server" on the old domain.
- Run ADPREP (Active Directory preparation
program) to update the Win2k AD to the
structure needed for the Server 2003 AD. This is a two step process.
- Run DCPROMO (domain controller
promotion) on my laptop to install AD. As part of this
process, the AD data is replicated to the new domain controller
with one important exception
that we'll talk about in a minute.
- Copy any needed application data
and configuration information to the laptop making paper
backups whenever possible.
- Run DCPROMO on the old server to
remove AD and remove it from the domain. This forces all remaining
AD data over to the laptop (now the only domain controller in
the domain).
- Reformat the old server and install
Server 2003.
- Make the new server a member server
on the domain.
- Perform steps 3, 4 and 5 on the
"new" server to create the new domain controller and
replicate AD back to the server from the laptop.
- Reinstall the applications and
services on the new server.
- Run DCPROMO on the laptop to remove
AD and force all remaining AD information back
to the server.
Had we followed these steps, I am
convinced we would have been completely successful. Would
have been? Well, yes, we failed to meet requirement #6 and lost
all of the user accounts and
other AD data. In our haste, we skipped step #5 and lost part
of the AD data. As a result, the AD
on the new server could not function properly.
The primary reason for our failure
was that we did not write the steps down before we started.
The process seemed simple enough and we had rehearsed everything
we could. OK, we got over
confident and as a result we screwed up. I was pushing the key
strokes at the time, so really it
was my fault.
Active Directory (AD) is the application
that manages all of the resources users, computers,
printers, etc on a Microsoft Windows network. When a user or
machine on the network tries to
access or use a resource, it is AD that checks to see if the
user has the rights or permissions
needed to use the resource. Since a new resource can be added
from anywhere on the network
(any domain controller and a large organization could have hundreds),
AD needs a way to ensure
that a resource is added only once. It does this in the Global
Catalog. In a domain a simple as
ours, there is only one global catalog. When we missed step #5,
the global catalog was destroyed.
As a result we could not add new users or anything else to AD
on the laptop. At this point we
knew we had lost the AD and were forced to create a new one.
We did have our paper backups so
we knew the user account names (all nine of them). The task
of typing them in was not too onerous. The biggest loss was to
our pride. Because of this I will
not name the other two DACS members who were there helping with
the process.
The current status is that the "new"
server has been up and running without any problems for
almost three weeks. We still need a few finishing touches, like
new CD burning software, but the
server is performing its primary functions perfectly. We now
have the opportunity to learn more
about Server 2003 how it is configured and managed. Come to any
of the networking-related
SIGs Server and Networking, Linux, and Advanced OS to learn more.
|